1.4.2

Updated 3 Days AgoPublic

Actions

Known issues

• The RADIUS client library is still vulnerable to CVE-2024-3596 — a fix will be included in the next release (T7285).

Security

• Private SSH key reuse in the console server service (T7217).

Configuration syntax changes (automatically migrated)

• Add route-map and metric options to "redistribute table" in BGP (T7163).

New features and improvements

• Check architecture and flavor compatibility on upgrade attempts (T6389).
• Add an option to assign static IP address to IPoE server users (T6628).
• Add PPPoE server options to accept any service name and blank service name (T6685).
• IPoE-server add the ability to configure Lua scripts for username mapping (T6872).
• Add an option to start sessions with an unclassified packet to IPoE server (T6906).
• Add source-vrf source option to route maps (T7158).
• Add route-map and metric options to "redistribute table" in BGP (T7163).
• Add port option to GENEVE tunnels (T7171).
• Add a command to automatically upload tech-support report archives to a server (T7193).
• Containers add capability CAP_MKNOD (T7204).
• Add CLI to disable LDP establish hello packets (T7286).
• pki: race condition for acme requested certificates - CA auto import only on the second run (T7299).

Bug fixes

• Shaper QoS policy does not recognize 'lowdelay' DSCP value (T681).
• DHCP default route duplicated when moving interface between VRFs (T5103).
• Conntrack logging doesnt seem to be working (T5471).
• Raw output for system storage op mode causes exceptions on live CD (T6514).
• VyOS local system users TACACS+ authorization requests do not work correctly (T6613).
• Show log firewall not printing logs for default-actions for custom ruleset (T6636).
• Strings with spaces in "set interfaces * address" cause an ipaddrcheck argument error (T6739).
• Segmentation fault when checking incorrect IP ranges with ipaddrcheck (T6744).
• Incorrect flow isolation policy parameters generated for CAKE QoS policies (T6790).
• QoS policy priority-queue is broken by default (T6799).
• Unhandled exception when setting priority-queue QoS policy type to random-detect (T6800).
• The default route distance for PPPoE (210) in the migration script is incorrect and may break server availability (T6863).
• Support matching ethertype in QoS policies (T6874).
• Empty "ntp" CLI node causes a config migration error when upgrading from VyOS 1.3.x (T6911).
• Offload RPS fails on CPUs with more than 32 cores (T6917).
• PPPoE server does not allow listening on physical interfaces if VLANs are present in the configuration (T6936).
• bfd: fix invalid generated template when no multi-hop profile is defined (T6945).
• Missing cron file for geoip auto update (T6986).
• lsb_release reports the system to be debian (T6992).
• Use VyOS release-train in /etc/os-release codename over Debian release name (T7019).
• Incorrect versions of libnss-mapuser and libpam-radius-auth are included in the build, breaking RADIUS authentication (T7020).
• VRF name "up" is reserved and should not be used (T7024).
• Missing 'version' in manifest.json will cause a timeout of 'make test' (T7031).
• Disallow upgrades to non-matching flavors (T7034).
• RADIUS source-address option does not work with IPv6 (T7039).
• SSH Agent is not available for Git commit archive (T7048).
• 'set service webproxy domain-noncache <domain>' command does not work (T7057).
• Regression of T3240 in WIDE dhcp6c - Missing patch to support configuration of custom DUID (T7058).
• Upgrade may fail on instances with limited memory due to insufficient space in /tmp/ (T7102).
• DHCPv6 client is restarted on every change to the interface (T7135).
• Cannot set an agent-address in sFlow if VRF is used (T7136).
• "redistribute table" option in BGP does not work correctly (T7161).
• VXLAN interfaces disappear if the parent wireguard interface was changed (T7166).
• Fix sed pattern for change in OPAM install.sh (T7170).
• vyos-domain-resolver not picking up non-default configuration values (T7176).
• Firewall interface-group with a container interface fails validation on reboot (T7177).
• Unhandled exception in SNMP v3 configuration without engineid. (T7180).
• vyos-netplug-dhcp-client requires Config instead of ConfigTreeQuery (T7182).
• bond: error message interpreted as list when it's a string and thus loosing information (T7191).
• Bridge allows to specify the same member interface more than one time (T7192).
• lldp: disable individual interface has no effect if 'all' is defined (T7194).
• Remove unintended binary files from ipaddrcheck source tree and keep them from re-appearing (T7195).
• VXLAN needs to make remote and group options mutually exclusive (T7219).
• Unhandled template error in "generate ipsec profile ios-remote-access" (T7225).
• LDP Hello packets are generated to answer incoming Hello before forming neighbor adjacency (T7226).
• Proxmox grub console type should be tty0 by default (T7231).
• DHCPv6: add smoketest verifying that there is no invalid syntax or parsing error for wide-dhcpv6-client (T7248).
• Virtual-ethernet Interface vif mtu does not work (T7293).
• image upgrade will replace symlinks with a copy (T7294).
• ACME certificate updates fail due to missing timezone info (T7295).

Other resolved issues

• Use ipaddrcheck for validating IP address ranges (T6743).
• VyOS' FRR is not linked against PCRE2, reducing BGP convergence performance (T6854).
• Mark FastNetMon as deprecated (T6919).
• Add an option to specify bootloaders to the image build arguments (T6922).
• "monitor log" should have no output color at all (T6971).
• iproute2: disable colored output by default (T6979).
• Treat vyos-domain-resolver as a real service (T6983).
• Extend smoketesting platform to also validate /etc/release | lsb_release content (T6999).
• TACACS: extend smoketests with a live tac_plus server running as container (T7023).
• Source NAT smoke tests fail due to an incorrect interface name (T7033).
• RADIUS: extend smoketests with a live freeradius server running as container (T7038).
• Allow general binary includes in flavor files (T7109).
• Update ipaddrcheck versions and changelogs (T7199).